
feat: config-core + openlock validate (bd openlock-lvc.2) #54

Merged: vessux merged 10 commits into main from feat/config-core-validate on May 30, 2026


@vessux vessux commented May 30, 2026

Summary

Builds src/config-core/ — one deep module that validates the whole .openlock/ folder (manifest + policy) behind a narrow interface — and ships it as openlock validate, the early-validation gate of the onboarding golden path (epic openlock-lvc, child lvc.2).

  • Single source of truth for mount rules. config-core defines the manifest schema/semantic/filesystem rules once and exposes two entry points: lintManifest/lintFolder (collect-all, for validate) and parseManifest (strict/throw, for the live sandbox path). src/sandbox/openlock-folder.ts + mounts.ts are re-pointed at parseManifest, so the linter and the runtime can no longer drift. mounts.ts shed ~185→72 lines (validation moved out; only staging helpers remain).
  • openlock validate [path] — zero-arg discovery of .openlock/, lints config.yaml + policy.yaml together, grouped/tiered output with fix: lines and a per-file summary, --offline to skip filesystem-existence checks (for CI / fresh clones), exit 1 on any error/filesystem issue.
  • Two-tier severity (error / filesystem); unknown manifest keys are now hard errors (consistent with global-config).
  • Policy validator folded in. src/validate-policy/src/config-core/policy/ (rules unchanged); the standalone validate-policy command is removed.

Built TDD via subagent-driven development; each task spec- and quality-reviewed. Spec + plan: docs/superpowers/specs/2026-05-30-config-core-validate-design.md, docs/superpowers/plans/2026-05-30-config-core-validate.md (local-only, gitignored).

⚠️ Breaking changes (for the release PR to aggregate — not added to CHANGELOG mid-cycle)

  • openlock validate-policy removed. Its function is now openlock validate, which lints the manifest too.
  • caps: in .openlock/config.yaml is now a hard error (unknown key "caps") instead of an ignored-with-warning field — and it now blocks openlock sandbox, not just validate. Stale configs must delete it.

Test plan

  • bun run lint && bun run typecheck && bun test && bun run knip — all green (650 pass / 8 skip / 0 fail).
  • openlock validate smoke: missing .openlock/ (→ init hint, exit 1), valid (exit 0), broken config+policy (grouped, exit 1), missing mount source (exit 1 [fs]; --offline → exit 0).
  • Recommended before merge: Mac/podman sandbox launch smoke (openlock gateway stop && start, launch a sandbox with a real .openlock/config.yaml carrying mounts/args/env) — confirms the re-pointed runtime stages mounts + applies args/env identically, and that a stale caps: now errors at launch. (Change is parse-layer-only with full Mount[] parity proven by the ported tests, so low-risk, but it's the one contract that only surfaces at runtime.)

Notes

  • Carries an unrelated rider already flagged for the release PR: credentialsPath() now honors XDG_CONFIG_HOME — n/a here, tracked from the prior lvc.3 PR.

@vessux vessux merged commit 9a54ecd into main May 30, 2026
5 checks passed
@vessux vessux deleted the feat/config-core-validate branch May 30, 2026 17:48
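
The shared-rule-set design outlined in the PR description, sketched as an added example (not openlock's code): one rule function feeds both a collect-all `lintManifest` and a throwing `parseManifest`, so the linter and the runtime cannot disagree. The key set, the issue shape, the injected `exists` callback and `exitCode` are assumptions; only the entry-point names, the two severities and the offline behaviour come from the description.

```typescript
// Added illustration: names follow the PR description, bodies are assumptions.
type Severity = "error" | "filesystem";
interface Issue { severity: Severity; path: string; message: string; fix?: string }
interface Mount { source: string; target: string }
interface LintOptions { offline?: boolean; exists?: (p: string) => boolean }

const KNOWN_KEYS = new Set(["mounts", "args", "env"]); // assumed key set

// The single rule set. Only unknown-key and mount rules are modelled here.
function runRules(raw: Record<string, unknown>, opts: LintOptions): Issue[] {
  const issues: Issue[] = [];
  for (const key of Object.keys(raw)) {
    if (!KNOWN_KEYS.has(key)) {
      issues.push({ severity: "error", path: key,
        message: `unknown key "${key}"`, fix: `delete "${key}" from config.yaml` });
    }
  }
  const mounts = raw["mounts"] ?? [];
  if (!Array.isArray(mounts)) {
    issues.push({ severity: "error", path: "mounts", message: "mounts must be a list" });
    return issues;
  }
  mounts.forEach((m, i) => {
    const { source, target } = (m ?? {}) as Partial<Mount>;
    if (typeof source !== "string" || typeof target !== "string") {
      issues.push({ severity: "error", path: `mounts[${i}]`, message: "mount needs string source and target" });
    } else if (!opts.offline && opts.exists && !opts.exists(source)) {
      // Filesystem tier: skipped entirely in offline mode (CI, fresh clones).
      issues.push({ severity: "filesystem", path: `mounts[${i}].source`,
        message: `mount source does not exist: ${source}` });
    }
  });
  return issues;
}

// Collect-all entry point, as used by a validate command.
function lintManifest(raw: Record<string, unknown>, opts: LintOptions = {}): Issue[] {
  return runRules(raw, opts);
}

// Strict entry point for the runtime path: same rules, but any issue throws.
function parseManifest(raw: Record<string, unknown>, opts: LintOptions = {}): Mount[] {
  const issues = runRules(raw, opts);
  if (issues.length > 0) throw new Error(issues.map((i) => `${i.path}: ${i.message}`).join("; "));
  return ((raw["mounts"] as Mount[] | undefined) ?? []).map(({ source, target }) => ({ source, target }));
}

// Exit status for the validate command: 1 on any reported issue, else 0.
const exitCode = (issues: Issue[]): number => (issues.length > 0 ? 1 : 0);
```

Because `parseManifest` has no rules of its own, a stale `caps:` key that the linter reports is the same key that stops the runtime path.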
vessux added a commit that referenced this pull request May 30, 2026
…p race (bd openlock-eh8) (#55)

post-create-exec-proxy.test.ts was the one echo-mode integration test still on
bare `curl -sf`, missing the `--retry 5 --retry-all-errors` hardening its
siblings (harness-cred-inject, openrouter-opencode-cred-inject) received in #38.
That gap is why it became the recurring exit-56 flake locus on #52/#53/#54.

exit 56 = curl CURLE_RECV_ERROR from the in-container echo proxy on first
egress, relayed faithfully through ssh (ssh's own transport failures are 255,
never 56) — NOT an ssh transport drop as previously suspected. `curl -s` was
muting curl's error, which presented as "empty stdout/stderr".

- add `--retry 5 --retry-all-errors --retry-delay 1` to the post-create exec test
- switch all three flaking tests `-sf` -> `-sSf` so a retries-exhausted failure
  surfaces curl's real error instead of being silently muted

bd openlock-eh8